How are user and API key actions distinguished?

Each log entry displays a visual indicator next to the actor. The icon identifies whether the action was performed by a user directly or through an API key.

In what order are logs displayed?

Logs are sorted in descending order by creation date — newest first.

Can I export audit logs?

Audit logs are viewed in Cosmo Studio. Export and integration with external logging systems are not currently documented — contact us about your requirements.

Does the audit log help with SOC 2 compliance?

Yes. The audit log provides a record of every action, actor, and timestamp. It supports compliance requirements for access control evidence and change management documentation.

Audit Logging for GraphQL | Activity Trail | Cosmo by WunderGraph

Q: What actions are captured in the audit log?

All significant actions in your organization are captured, whether performed directly by a user or through an API key, along with platform-generated events from Cosmo itself.

The problem

Without a log, accountability is impossible

When a change happens in your federated graph, you need to know what it was, who made it, and whether it was authorized. Without an audit trail, you are guessing.

Incidents are hard to investigate without a trail

When something changes unexpectedly in your federated graph, finding out who did it and when requires piecing together information from multiple sources — if it exists at all.

Compliance requires evidence that doesn't exist

SOC 2, GDPR, and similar frameworks require documented evidence of access control and change management. Without an audit log, that evidence must be reconstructed manually.

No visibility into what automated systems are doing

API keys and CI/CD pipelines take actions in your organization continuously. Without attribution, you can't distinguish expected automation from unexpected changes.

Our solution

A complete record of every organization action

Cosmo captures every significant action automatically. No setup required. Each entry includes full context: who performed the action, what was done, and when it happened.

How audit logging works

Every action in your organization is captured automatically — no configuration required.
Logs are sorted in descending chronological order by creation date.
Each entry shows the actor (user or API key), the action performed, and the timestamp.
Visual indicators distinguish actions by humans from actions by API keys.
Platform-generated events from Cosmo itself are also captured alongside user and API key actions.
Access audit logs from your organization settings in Cosmo Studio.

Automatic from the moment your organization is created.

Audit Logging

Before & After

Before Cosmo	With Cosmo
Unknown who made a change	Clear actor attribution: user email or API key identifier
No way to distinguish human from automated actions	Visual indicators for user vs API key actions
Manual compliance documentation	Automatic audit trail always available
Slow incident investigation across multiple systems	Chronological log with actor, action, and timestamp

What's logged

Three sources, one log

User actions: Actions taken directly in Cosmo Studio or via wgc CLI by organization members.
API key actions: Actions performed through API keys by CI/CD systems, automation scripts, or other programmatic clients.
Platform events: System-generated events from the Cosmo platform itself, captured alongside user and API key actions.

How Cosmo Audit Logging works

01

Automatic capture.

Capture

Every significant action in your organization is intercepted and logged automatically, whether performed directly by a user or through an API key.

02

User and key attribution.

Attribute

Each log entry records who performed the action. Users are identified by email. API key actions are attributed to the key identifier. Visual icons distinguish the two.

03

Platform events included.

Include platform events

System-generated events from the Cosmo platform are also logged alongside user and API key actions, giving you full visibility into automated platform behavior.

04

Descending by date.

View

Navigate to Audit Log in your organization settings. Logs appear in descending chronological order. Each entry shows the actor, action, and timestamp.

What's included

Complete visibility, no setup required

Available on Pro, Scale, and Enterprise plans.

Full actor attribution

Every entry identifies the actor — user email or API key identifier — with a visual indicator showing whether the action was human or automated.

Automatic capture

No configuration required. All Studio, CLI, and API actions are logged from the moment the organization exists. Nothing is missed.

Platform events

System-generated events from Cosmo are logged alongside user and API key actions. The complete picture of what happened — human, automated, and platform — is in one view.

Compliance-ready

The audit log provides the evidence trail needed for SOC 2, GDPR, and similar frameworks. Every action is captured with its actor and timestamp.

Get a complete audit trail for your federated graph

Audit Logging is available on Pro, Scale, and Enterprise plans. Contact us to start on a qualifying plan.

Talk to Sales Read the Docs

Know what happened, who did it, and when